January 19, 2024 at 08:23AM
VMware confirmed active exploitation of a critical vCenter Server vulnerability (CVE-2023-34048) reported by Trend Micro researcher Grigory Dorodnov. Multiple end-of-life products were patched, and ransomware gangs target VMware servers. Over 2,000 exposed servers pose breach risks. VMware urged strict network access control and previously fixed high-severity vCenter Server flaws, an ESXi zero-day, and a critical Aria Operations for Networks flaw.
Key takeaways:
1. VMware has confirmed active exploitation of a critical vCenter Server remote code execution vulnerability (CVE-2023-34048) reported by Trend Micro vulnerability researcher Grigory Dorodnov. Attackers can exploit it remotely in low-complexity attacks with high impact.
2. There is a risk of ransomware groups targeting VMware ESXi servers to steal and encrypt files, demanding huge ransoms.
3. Over 2,000 VMware vCenter servers are currently exposed online, potentially vulnerable to attacks.
4. VMware recommends strict network perimeter access control to vSphere management components, and has issued security patches for multiple end-of-life products without active support.
5. Multiple high-severity vCenter Server security flaws have been fixed, including those posing code execution and authentication bypass risks.
These takeaways highlight the critical nature of the vCenter Server vulnerability and the importance of implementing security measures to mitigate the risks associated with it.